<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第124期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第124期）</strong></h5>
<blockquote> 2016/07/11-2016/07/17</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[书籍]&nbsp;&nbsp;</span>新书推荐 - 《漏洞战争》- 泉哥新书<br><a target="_blank" href="http://item.jd.com/10452457414.html">http://item.jd.com/10452457414.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>Cybersecurity in the Healthcare Industry<br><a target="_blank" href="http://resources.infosecinstitute.com/cybersecurity-in-the-healthcare-industry/">http://resources.infosecinstitute.com/cybersecurity-in-the-healthcare-industry/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>Healthcare Hacking<br><a target="_blank" href="http://resources.infosecinstitute.com/healthcare-hacking/">http://resources.infosecinstitute.com/healthcare-hacking/</a></div><div class="single"><span id="tags">[事件]&nbsp;&nbsp;</span>NSA Labels Privacy-Centric Internet Users As Extremists – The Merkle<br><a target="_blank" href="http://themerkle.com/nsa-labels-privacy-centric-internet-users-as-extremists/">http://themerkle.com/nsa-labels-privacy-centric-internet-users-as-extremists/</a></div><div class="single"><span id="tags">[会议]&nbsp;&nbsp;</span>漏洞披露模式的法理与价值：记乌云白帽大会圆桌论坛<br><a target="_blank" href="http://www.aqniu.com/news-views/17655.html">http://www.aqniu.com/news-views/17655.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>Serious Vulnerability Affects Over 120 D-Link Products <br><a target="_blank" href="http://www.securityweek.com/serious-vulnerability-affects-over-120-d-link-products">http://www.securityweek.com/serious-vulnerability-affects-over-120-d-link-products</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[视频]&nbsp;&nbsp;</span>2016乌云白帽大会视频-0709#密码1olm<br><a target="_blank" href="http://pan.baidu.com/s/1slGL0df">http://pan.baidu.com/s/1slGL0df</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>sqlmap 的源码学习笔记一之目录结构<br><a target="_blank" href="http://blog.csdn.net/qq_29277155/article/details/51646932">http://blog.csdn.net/qq_29277155/article/details/51646932</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Some-PoC-oR-ExP: 各种漏洞poc、Exp的收集或编写<br><a target="_blank" href="https://github.com/coffeehb/Some-PoC-oR-ExP">https://github.com/coffeehb/Some-PoC-oR-ExP</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>A fork of AFL for fuzzing Windows binaries<br><a target="_blank" href="https://github.com/ivanfratric/winafl">https://github.com/ivanfratric/winafl</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>小话企业安全能力建设<br><a target="_blank" href="http://danqingdani.blog.163.com/blog/static/186094195201661125812630">http://danqingdani.blog.163.com/blog/static/186094195201661125812630</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>使用GnuRadio + OpenLTE + SDR 搭建4G LTE 基站（上）<br><a target="_blank" href="http://www.freebuf.com/articles/wireless/108417.html">http://www.freebuf.com/articles/wireless/108417.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Incident Response Forensic Framework: nightHawk Response<br><a target="_blank" href="https://n0where.net/incident-response-forensic-framework-nighthawk-response/">https://n0where.net/incident-response-forensic-framework-nighthawk-response/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Exploiting Windows DRIVERS: Double-fetch Race Condition Vulnerability<br><a target="_blank" href="http://resources.infosecinstitute.com/exploiting-windows-drivers-double-fetch-race-condition-vulnerability/">http://resources.infosecinstitute.com/exploiting-windows-drivers-double-fetch-race-condition-vulnerability/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>MYSQL提权总结<br><a target="_blank" href="http://www.webshell.cc/4790.html">http://www.webshell.cc/4790.html</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>srsLTE: Open source 3GPP LTE library<br><a target="_blank" href="https://github.com/srsLTE/srsLTE">https://github.com/srsLTE/srsLTE</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>nginx的proxy_pass使用https(SSL加密) <br><a target="_blank" href="http://xiaoxia.org/2016/07/15/nginx-proxy-pass-https/">http://xiaoxia.org/2016/07/15/nginx-proxy-pass-https/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>BruteXSS - Cross-Site Scripting Bruteforcer<br><a target="_blank" href="https://github.com/shawarkhanethicalhacker/BruteXSS">https://github.com/shawarkhanethicalhacker/BruteXSS</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>XSS Hunter is Now Open Source<br><a target="_blank" href="https://thehackerblog.com/xss-hunter-is-now-open-source-heres-how-to-set-it-up/index.html">https://thehackerblog.com/xss-hunter-is-now-open-source-heres-how-to-set-it-up/index.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Project Triforce: Run AFL on Everything!<br><a target="_blank" href="www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/june/project-triforce-run-afl-on-everything/?Year=2016&amp;Month=6">www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/june/project-triforce-run-afl-on-everything/?Year=2016&amp;Month=6</a></div><div class="single"><span id="tags">[会议]&nbsp;&nbsp;</span>2016乌云白帽大会企业场讲点儿啥？<br><a target="_blank" href="http://www.aqniu.com/industry/17542.html">http://www.aqniu.com/industry/17542.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>fenghuangscanner_v3:常见服务端口弱口令扫描器<br><a target="_blank" href="https://github.com/wilson9x1/fenghuangscanner_v3">https://github.com/wilson9x1/fenghuangscanner_v3</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Cisco Talos software<br><a target="_blank" href="http://www.talosintelligence.com/software/">http://www.talosintelligence.com/software/</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>物联网IoT产品安全checklist#密码: z78I<br><a target="_blank" href="http://naotu.baidu.com/file/1687263a7055af3e44fb6ad10acef931">http://naotu.baidu.com/file/1687263a7055af3e44fb6ad10acef931</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>记一次WAF对抗赛详解&amp;全方位绕过WAF<br><a target="_blank" href="http://www.bugbank.cn/pwn/detail.html?pid=5775df28cbfaa97317a496a4">http://www.bugbank.cn/pwn/detail.html?pid=5775df28cbfaa97317a496a4</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>A Case Study in Attacking KeePass – Part 1<br><a target="_blank" href="http://www.harmj0y.net/blog/redteaming/a-case-study-in-attacking-keepass/">http://www.harmj0y.net/blog/redteaming/a-case-study-in-attacking-keepass/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>honeydrive：Honeypot Linux distribution <br><a target="_blank" href="https://bruteforce.gr/honeydrive">https://bruteforce.gr/honeydrive</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Rails Webconsole DNS Rebinding lead to Remote code execution<br><a target="_blank" href="http://benmmurphy.github.io/blog/2016/07/11/rails-webconsole-dns-rebinding/">http://benmmurphy.github.io/blog/2016/07/11/rails-webconsole-dns-rebinding/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>小议安卓定位伪造-实战足不出户畅玩pokemon go <br><a target="_blank" href="http://drops.wooyun.org/tips/17840">http://drops.wooyun.org/tips/17840</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>掌阅iReader某站Python漏洞挖掘<br><a target="_blank" href="https://www.leavesongs.com/PENETRATION/zhangyue-python-web-code-execute.html">https://www.leavesongs.com/PENETRATION/zhangyue-python-web-code-execute.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>白象的舞步——来自南亚次大陆的网络攻击<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MjM5MTA3Nzk4MQ==&amp;mid=2650169803&amp;idx=1&amp;sn=b329ecfb9f42c67abaa95e6ee60329aa&amp;scene=23">http://mp.weixin.qq.com/s?__biz=MjM5MTA3Nzk4MQ==&amp;mid=2650169803&amp;idx=1&amp;sn=b329ecfb9f42c67abaa95e6ee60329aa&amp;scene=23</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>PoshC2 – Powershell C2<br><a target="_blank" href="http://www.hackwhackandsmack.com/?p=693">http://www.hackwhackandsmack.com/?p=693</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span> The first open source vulnerability scanner for firmwares <br><a target="_blank" href="https://github.com/misterch0c/firminator_backend">https://github.com/misterch0c/firminator_backend</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>Radare2 Explorations: New book released! <br><a target="_blank" href="http://radare.today/posts/radare2-explorations/?utm_content=buffer14401&amp;utm_medium=social&amp;utm_source=twitter.com&amp;utm_campaign=buffer">http://radare.today/posts/radare2-explorations/?utm_content=buffer14401&amp;utm_medium=social&amp;utm_source=twitter.com&amp;utm_campaign=buffer</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Official x64dbg blog<br><a target="_blank" href="http://x64dbg.com/blog/">http://x64dbg.com/blog/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>PEFix – simple PE file re-aligner<br><a target="_blank" href="http://www.hexacorn.com/blog/2016/07/09/pefix-simple-pe-file-re-aligner/">http://www.hexacorn.com/blog/2016/07/09/pefix-simple-pe-file-re-aligner/</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>pystock-data: US stock market data since 2009<br><a target="_blank" href="https://github.com/eliangcs/pystock-data">https://github.com/eliangcs/pystock-data</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Google BigQuery: Analyze all the code of Github<br><a target="_blank" href="https://medium.com/@hoffa/github-on-bigquery-analyze-all-the-code-b3576fd2b150#.oak7ssj5m">https://medium.com/@hoffa/github-on-bigquery-analyze-all-the-code-b3576fd2b150#.oak7ssj5m</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>KeeThief – A Case Study in Attacking KeePass Part 2 <br><a target="_blank" href="http://www.harmj0y.net/blog/redteaming/keethief-a-case-study-in-attacking-keepass-part-2/">http://www.harmj0y.net/blog/redteaming/keethief-a-case-study-in-attacking-keepass-part-2/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>使用预先算好的字符串hash逆向分析shellcode <br><a target="_blank" href="http://anhkgg.github.io/anhkgg.github.io/precalculated-string-hashes-reverse-engineering-shellcode/">http://anhkgg.github.io/anhkgg.github.io/precalculated-string-hashes-reverse-engineering-shellcode/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>Bluto V2.0 comming<br><a target="_blank" href="https://github.com/darryllane/Bluto">https://github.com/darryllane/Bluto</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>tomcatWarDeployer<br><a target="_blank" href="https://github.com/mgeeky/tomcatWarDeployer">https://github.com/mgeeky/tomcatWarDeployer</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span> Project to practice the basic at exploit bufferoverflow bugs. <br><a target="_blank" href="https://github.com/mikaelkall/vuln">https://github.com/mikaelkall/vuln</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>shadow – Firefox Heap Exploitation Tool (jemalloc)<br><a target="_blank" href="http://www.darknet.org.uk/2016/06/shadow-firefox-heap-exploitation-tool-jemalloc/">http://www.darknet.org.uk/2016/06/shadow-firefox-heap-exploitation-tool-jemalloc/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Code Review最佳实践<br><a target="_blank" href="https://github.com/hehonghui/android-tech-frontier/blob/master/issue-11/Code%20Review%E6%9C%80%E4%BD%B3%E5%AE%9E%E8%B7%B5.md">https://github.com/hehonghui/android-tech-frontier/blob/master/issue-11/Code%20Review%E6%9C%80%E4%BD%B3%E5%AE%9E%E8%B7%B5.md</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>  Introductory Intel x86: Architecture, Assembly, Applications, &amp; Alliteration<br><a target="_blank" href="http://opensecuritytraining.info/IntroX86.html">http://opensecuritytraining.info/IntroX86.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Gracker level0 write-up<br><a target="_blank" href="http://paraschetal.in/gracker-level00/">http://paraschetal.in/gracker-level00/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>InfoSecIITK Summer CTF 2016<br><a target="_blank" href="http://paraschetal.in/infoseciitk-summerctf16/">http://paraschetal.in/infoseciitk-summerctf16/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>nccgroup Blogs<br><a target="_blank" href="https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/">https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>[CVE-2016-4794/6162] Two linux kernel bugs<br><a target="_blank" href="https://marcograss.github.io/security/linux/2016/07/06/two-linux-kernel-bugs.html">https://marcograss.github.io/security/linux/2016/07/06/two-linux-kernel-bugs.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Gaining Control of a .int Domain Name With DNS Trickery<br><a target="_blank" href="https://thehackerblog.com/the-international-incident-gaining-control-of-a-int-domain-name-with-dns-trickery/index.html">https://thehackerblog.com/the-international-incident-gaining-control-of-a-int-domain-name-with-dns-trickery/index.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>My_VBA_Bot - Writ ing Office Macro FUD  encoder and other stuff<br><a target="_blank" href="https://dl.packetstormsecurity.net/papers/general/My_VBA_Bot.pdf">https://dl.packetstormsecurity.net/papers/general/My_VBA_Bot.pdf</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android WebView 漏洞的利用、局限与终结 <br><a target="_blank" href="http://drops.wooyun.org/papers/17610">http://drops.wooyun.org/papers/17610</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>FreeBSD encryption. Part 2: The subtleties of daily use. (ru) <br><a target="_blank" href="http://byinsecure.com/freebsd-crypto-protection-2/">http://byinsecure.com/freebsd-crypto-protection-2/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>AppSecEU 2016 Videos<br><a target="_blank" href="https://www.youtube.com/playlist?list=PLpr-xdpM8wG-Kf1_BOnT2LFZU8_SXfpKL">https://www.youtube.com/playlist?list=PLpr-xdpM8wG-Kf1_BOnT2LFZU8_SXfpKL</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>ERTS – Exploit Reliability Testing System<br><a target="_blank" href="http://www.darknet.org.uk/2016/07/erts-exploit-reliability-testing-system/">http://www.darknet.org.uk/2016/07/erts-exploit-reliability-testing-system/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Heap spraying high addresses in 32-bit Chrome/Firefox on 64-bit Windows<br><a target="_blank" href="http://blog.skylined.nl/20160622001.html">http://blog.skylined.nl/20160622001.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Adobe Flash Player prior 11.2.202.621/18.0.0.352/21.0.0.242 buffer overflow<br><a target="_blank" href="https://vuldb.com/?id.88018">https://vuldb.com/?id.88018</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Writing your own shellcode.<br><a target="_blank" href="https://paraschetal.in/writing-your-own-shellcode/">https://paraschetal.in/writing-your-own-shellcode/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>NeutrinoEK来袭：爱拍网遭敲诈者病毒挂马 <br><a target="_blank" href="http://drops.wooyun.org/tips/17740">http://drops.wooyun.org/tips/17740</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Gracker level8 write-up<br><a target="_blank" href="http://paraschetal.in/gracker-level08/">http://paraschetal.in/gracker-level08/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>X86 Shellcode Obfuscation - Part 3<br><a target="_blank" href="https://breakdev.org/x86-shellcode-obfuscation-part-3/?utm_content=buffer5c342&amp;utm_medium=social&amp;utm_source=twitter.com&amp;utm_campaign=buffer">https://breakdev.org/x86-shellcode-obfuscation-part-3/?utm_content=buffer5c342&amp;utm_medium=social&amp;utm_source=twitter.com&amp;utm_campaign=buffer</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>勒索程序演化与发展趋势（14~16年）<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI2MzM0NjcxNw==&amp;mid=2247483786&amp;idx=1&amp;sn=4d3aff50c5722a887c4d111804f6a562">https://mp.weixin.qq.com/s?__biz=MzI2MzM0NjcxNw==&amp;mid=2247483786&amp;idx=1&amp;sn=4d3aff50c5722a887c4d111804f6a562</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>OpenIOC – Sharing Threat Intelligence<br><a target="_blank" href="http://www.darknet.org.uk/2016/06/openioc-sharing-threat-intelligence/">http://www.darknet.org.uk/2016/06/openioc-sharing-threat-intelligence/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>拥有300万安装量的应用是如何恶意推广刷榜的？ <br><a target="_blank" href="http://drops.wooyun.org/mobile/17675">http://drops.wooyun.org/mobile/17675</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>FreeBSD encryption. Part 1<br><a target="_blank" href="http://byinsecure.com/freebsd-crypto-protection/">http://byinsecure.com/freebsd-crypto-protection/</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>Fuzzing_and_Patch_Analysis-SAGEly_Advice <br><a target="_blank" href="http://www.talosintelligence.com/files/publications_and_presentations/presentations/Fuzzing_and_Patch_Analysis-SAGEly_Advice.pdf">http://www.talosintelligence.com/files/publications_and_presentations/presentations/Fuzzing_and_Patch_Analysis-SAGEly_Advice.pdf</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Gracker level5 write-up<br><a target="_blank" href="http://paraschetal.in/gracker-level05/">http://paraschetal.in/gracker-level05/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span> Project Keyhole - A python framework to automatically backdoor binaries or sour<br><a target="_blank" href="http://seclist.us/project-keyhole-is-a-python-framework-to-automatically-backdoor-binaries-or-source-code.html">http://seclist.us/project-keyhole-is-a-python-framework-to-automatically-backdoor-binaries-or-source-code.html</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>A Framework for the Analysis of Complex Code-Reuse Attacks<br><a target="_blank" href="http://www.talosintelligence.com/files/publications_and_presentations/papers/ROPMEMU_graziano.pdf">http://www.talosintelligence.com/files/publications_and_presentations/papers/ROPMEMU_graziano.pdf</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>HuntingTheHunters_2016 <br><a target="_blank" href="http://www.talosintelligence.com/files/publications_and_presentations/presentations/HuntingTheHunters_2016.pdf">http://www.talosintelligence.com/files/publications_and_presentations/presentations/HuntingTheHunters_2016.pdf</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>OWASP ZCR Shellcoder<br><a target="_blank" href="http://paraschetal.in/owasp-zsc/">http://paraschetal.in/owasp-zsc/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Gracker level1 write-up<br><a target="_blank" href="http://paraschetal.in/gracker-level01/">http://paraschetal.in/gracker-level01/</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>Papertrail - Log management cloud service for free<br><a target="_blank" href="https://papertrailapp.com/">https://papertrailapp.com/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Gracker level2 write-up<br><a target="_blank" href="http://paraschetal.in/gracker-level02/">http://paraschetal.in/gracker-level02/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Gracker level7 write-up<br><a target="_blank" href="http://paraschetal.in/gracker-level07/">http://paraschetal.in/gracker-level07/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>The Tales of a Bug Bounty Hunter  <br><a target="_blank" href="https://www.youtube.com/watch?v=jnEZWuJ39Fw&amp;list=PLpr-xdpM8wG-Kf1_BOnT2LFZU8_SXfpKL">https://www.youtube.com/watch?v=jnEZWuJ39Fw&amp;list=PLpr-xdpM8wG-Kf1_BOnT2LFZU8_SXfpKL</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>谈谈我这三年在前端技术上的成长 <br><a target="_blank" href="http://www.barretlee.com/blog/2016/07/11/learning-recent-years/">http://www.barretlee.com/blog/2016/07/11/learning-recent-years/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>X86 Shellcode Obfuscation - Part 1<br><a target="_blank" href="https://breakdev.org/x86-shellcode-obfuscation-part-1/">https://breakdev.org/x86-shellcode-obfuscation-part-1/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>ppt exploits PPT Powerpoint Presentations and Slides<br><a target="_blank" href="http://www.pptsearch365.com/ppt-exploits.html">http://www.pptsearch365.com/ppt-exploits.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span> Shellcode mapper <br><a target="_blank" href="https://github.com/suraj-root/smap/">https://github.com/suraj-root/smap/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Gracker level3 write-up<br><a target="_blank" href="http://paraschetal.in/gracker-level03/">http://paraschetal.in/gracker-level03/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>This URL will crash your Ubuntu wget<br><a target="_blank" href="https://marcograss.github.io/security/linux/2016/07/09/this-url-will-crash-wget.html">https://marcograss.github.io/security/linux/2016/07/09/this-url-will-crash-wget.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>X86 Shellcode Obfuscation - Part 2<br><a target="_blank" href="https://breakdev.org/x86-shellcode-obfuscation-part-2/">https://breakdev.org/x86-shellcode-obfuscation-part-2/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Gracker level9 write-up<br><a target="_blank" href="http://paraschetal.in/gracker-level09/">http://paraschetal.in/gracker-level09/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Gracker level6 write-up<br><a target="_blank" href="http://paraschetal.in/gracker-level06/">http://paraschetal.in/gracker-level06/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Gracker level4 write-up<br><a target="_blank" href="http://paraschetal.in/gracker-level04/">http://paraschetal.in/gracker-level04/</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/124">SecWiki周刊(第124期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
